journalpump is a daemon that takes log messages from journald and pumps them to a given output. A logging vulnerability was found in journalpump which logs out the configuration of a service integration in plaintext to the supplied logging pipeline, including credential information contained in the configuration if any. The problem has been patched in journalpump 2.5.0.
References
Configurations
History
02 Jan 2024, 16:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-215 |
CWE-319 |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://github.com/Aiven-Open/journalpump/security/advisories/GHSA-738v-v386-8r6g - Vendor Advisory | |
References | () https://github.com/Aiven-Open/journalpump/commit/390e69bc909ba16ad5f7b577010b4afc303361da - Patch | |
CPE | cpe:2.3:a:aiven:journalpump:*:*:*:*:*:*:*:* | |
First Time |
Aiven
Aiven journalpump |
21 Dec 2023, 02:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-21 00:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-51390
Mitre link : CVE-2023-51390
CVE.ORG link : CVE-2023-51390
JSON object : View
Products Affected
aiven
- journalpump